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SECURE MESSAGING VIA A MOBILE COMMUNICATIONS 

NETWORK 

The present invention relates to a method of transmitting messages via 
a mobile communications network. More particularly, but not exclusively, 
5 the invention relates to methods of transmitting SMS text messages of the 
GSM system in a secure way. 

For mobile communication device users, SMS text messages provide a 
quick, convenient method of sending and receiving messages. Messages are 
transmitted via a messaging centre. If messages cannot be delivered to the 
10 mobile terminal, they are stored at the messaging centre until they can be 
delivered. However, it may happen that messages eventually ! time-out ! 
without warning. 

SMS also provides a rarely used option to send f flash messages 1 , which 
appear immediately on the device, without requiring user interaction to read 
15 them. The SMS standard also supports e-mail (via X-400 protocols) and both 
binary and text based data. 

The conventional short messaging like the SMS service in GSM 
systems has the drawback that the service is unsuitable for many applications, 
such as electronic commerce or other applications where a secure and 
20 controlled data delivery is required. Below, we set out some reasons why the 
conventional short messaging is unsuitable for secure data delivery. 

Firstly, the sender of a message is usually not informed whether the 
message has been delivered to the receiving mobile terminal and has been 
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received by the user. The GSM system provides also for acknowledged 
messaging, wherein an acknowledgment is transmitted to the sender of the 
message as soon as the message is delivered to the messaging centre. 
However, the sender cannot know whether the message reached the mobile 
5 terminal and, more particularly, whether the message actually reached the 
user for whom the message was intended. 

Secondly, data transmitted via SMS may be decoded by third parties 
with a suitable digital receiver. Moreover, the messages are usually stored in 
the mobile terminal's memory. Thus any third party gaining access to the 
1 0 terminal may read the messages. 

Thirdly, the user of a mobile terminal cannot necessarily be identified 
in many cases. Especially by transmitting a SMS message via the Internet or 
other delivery mechanisms, the identity of the sender of the message may be 
concealed to the receiving user, or the recipient of the message may not be 
1 5 that intended by the sender. 

It is an aspect of the present invention to alleviate some or all the 
disadvantages described above. 

According to another aspect of the present invention there is provided 
a mobile terminal adapted to receive a message via a mobile communications 
20 network; to request authentication data from the user of said mobile terminal; 
and automatically generate an acknowledgment message to the sender of said 
message including said authentication data. 
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In this way the user of the receiving terminal is only required to enter 
the authentication data such as a PIN number and the receiving terminal 
subsequently generates the acknowledgement message and transmits it to the 
sender of the original message. The sender of the message may then verify 
5 the authentication data in order to verify that the recipient of the message is 
the intended user and is informed that the user actually received the message. 

According to another aspect of the present invention, there is provided 
an authentication system for transmitting information, said authentication 
system storing identification information of a plurality of providing users and 

1 0 a plurality of receiving users and being adapted to receive information from at 
least one of said providing users; authenticate said at least one providing user; 
authenticate a receiving user as the recipient of said information; and transmit 
a message based on said information via a mobile communications network to 
said one receiving user's mobile terminal. 

15 In this way the communications between users are controlled by a 

central authentication system (AS). Each user has to register with the AS 
prior to using their services. The AS then verifies the user's identity. In this 
way a receiving user ensures that the information transmitted in a message 
actually originated from an identified providing user. The possibilities of 

20 fraud are accordingly reduced. 

According to one aspect of the present invention there is provided a 
method of transmitting a message via a mobile telecommunications network 
from a sender's terminal to a user's mobile terminal, wherein the user is 



required to acknowledge receipt of said message in a predetermined way and 
an acknowledgement message is subsequently transmitted to the sender of 
said message. 

In this way the receiving user needs to take action when the message 
has reached the receiving terminal. The message may only be displayed after 
the receiving user has taken action and the sender of the message is 
subsequently informed whether delivery was successful and thus whether the 
message actually reached the user. 

According to another aspect of the present invention there is provided 
a method of transmitting a text message via a mobile communications 
network, wherein a portion of said text message is encrypted using a 
private/public key pair, wherein said public key is valid only for a 
predetermined number of text messages; and wherein said public key is 
transmitted in said text message. 

In this way a high security standard can be achieved and at the same 
time only a limited number of messages is required to achieve this standard. 
Preferably, the public key is only used for one communication, i.e. for a 
message and a response thereto. Preferably, a private key complementing the 
public key is used for encryption of the message at the sender's device and 
another private key for decrypting the message is held at the receiving user's 
terminal. 
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Further aspects and advantages of the invention will be appreciated, by 
way of example only, from the following description and accompanying 
drawings, wherein: 

Figure 1 is a schematic outline of a mobile telecommunications 
5 network according to the GSM standard in which the present invention can be 
implemented; 

Figure 2 is a schematic diagram illustrating the participating parties 
and communications between those parties according to one embodiment of 
the present invention; 

10 Figure 3 A is a schematic diagram illustrating the format of a 

conventional SMS message according to the prior art and Figure 3B is a 
schematic diagram illustrating the format of an extended SMS message 
according to another embodiment of the present invention; 

Figure 4 is a flowchart diagram illustrating the process of transmitting 
15 a message according to a further embodiment of the present invention; 

Figure 5 is a flowchart diagram illustrating 'the process of updating 
software according to another embodiment of the present invention; and 

Figure 6 is a flowchart diagram illustrating the process of an electronic 
commerce transaction using the extended messaging method according to yet 
20 another embodiment of the present invention. 

In Figure 1 a schematic outline of a mobile telecommunications 
network according to the GSM standard is shown. A Mobile Switching 
Centre (MSC) is connected via communication links to a number of Base 
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Station Controllers (BSCs) 4. The BSCs are dispersed geographically across 
areas served by the Mobile Switching Centre 2. Each BSC 4 controls one or 
more Base Transceiver Stations (BTSs) 6 located remote from, and connected 
by further communication links to, the BSC 4. Each BTS 6 transmits radio 

5 signals to, and receives signals from, mobile stations 8 which are in an area 
served by that BTS 6. The area is referred to as a "cell". A GSM network is 
provided with a large number of such cells, which are ideally continuous to 
provide continuous coverage over the whole network territory. 

The mobile switching centre is provided with a Home Location 

10 Register (HLR) 12 which is a database storing subscriber data. SMS 
messages are sent via a Short Message Service Centre (SM-SC) 14. The MSC 
2 is connected to the SM-SC 14 via a SMS gateway 16. Such gateways exist 
for mobile terminating short messages and also for mobile originating short 
messages. 

15 If a short message is to be transmitted from a mobile terminal 8 to its 

final destination, the terminal 8 sets up a signalling connection to the MSC 2 
and the message is subsequently transmitted via the SMS gateway 16 to the 
SM-SC 14. From there the message is then delivered to its final destination, 
which may for example be another mobile terminal or a mailbox. The GSM 

20 system provides for a delivery acknowledgement, which indicates that the 
SM-SC has received the message from a mobile terminal. However, the GSM 
system does not support an automatic acknowledgement to indicate whether 
the message has reached its ultimate destination. 
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A short message which is addressed to a mobile terminal 8 is first 
routed to the SM-SC 16. The message may be transmitted to the SM-SC 16 
by another mobile terminal, or by other suitable means such as the public 
switched telephone network PSTN 18 and a human operator or via the 

5 Internet 20. The short message is subsequently transmitted to the SMS 
gateway 16 and forwarded to the relevant MSC 2, which delivers it to the 
mobile station 8. The delivery to the mobile station does not involve the user. 

However, if the mobile station cannot be reached, then the message is 
kept in the SM-SC 14 and is delivered to the mobile terminal as soon as 

10 possible. Usually an automatic "alert" process is started, which notifies the 
SM-SC 14 when the terminal connects to the mobile communications 
network. 

All the systems described above are commercially available products, 

which do not need to be described in more detail. 
15 In the following we will summarise aspects of different embodiments 

of the present invention. It is appreciated that these aspects may be 

implemented individually or in any combination. 

The extended messaging method uses a conventional messaging 

framework via a mobile communications network like for example the SMS 
20 framework in the GSM systems. However, the method provides additional 

features, which are all implemented in software. The applications are running 

on the participating servers or terminals as software applications. Thus no 

modification of the user terminal's hardware or of the underlying messaging 
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protocol, such as the SMS messaging protocol, is required to implement the 

extended messaging method. 

In the extended messaging method the receiving user has to 

acknowledge receipt of a transmitted message. When the message has 
5 reached the receiving terminal (RT) the receiving user (RU) needs to take 

action and the sender of the message is subsequently informed whether the 

RU has taken action and thus whether the message actually reached the user. 

In one embodiment of the extended messaging method the RU needs to take 

action in order to be able to display the message after it has reached the RT. 
10 If the sender does not receive a response, the message is automatically re-sent. 

The user may define the number of times the message is re-sent. 

In the extended messaging method the users communicate via a 

central authentication system (AS). Such an AS may be implemented using a 

conventional server or computer and a system capable of communicating via 
15 the mobile communications network. Each user has to register with the AS 

prior to using the extended message service. 

The extended messaging method automatically generates a formatted 

message or response from the data and information the user enters. Only a 

minimum of input is required and the provided interface requires little or no 
20 . training for the user. The system then brings the response data into the 

required format so that a user can make use of all desired options allowing 

enhanced security in a simple and user-friendly manner. 
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The text to be submitted using the extended messaging method is 
automatically encrypted. Again, a minimal user input is required and only a 
minimal number of messages is required while a high security standard is 
achieved. The text may be encrypted using a public key specific for the 
5 transmission of one message (or one message response pair). According to 
the extended messaging method, the public key, which is used for encryption, 
is subsequently transmitted in un-encrypted form together with the encrypted 
text message one and the same message. A private key complementing this 
public key and also being specific for the transmission of this message may be 

10 used at the sender's terminal for encrypting the message. The RU holds an 
additional private key at his terminal for decrypting the transmitted message 
and encrypting any possible response to that message. The private key stored 
at the RU terminal is not specific to the ongoing communication. 

To enhance the security the user can request that a response is sent to 

15 the sender of the message before the message is actually displayed to the RU. 
If this response message cannot be delivered to the sender, the terminal will 
re-try to send the response message. If the response message cannot be 
delivered after a predetermined number of re-tries, the original message is not 
displayed to the RU, but deleted from the RT. 

20 The user may also choose to store or delete any response to the 

transmitted message. If the response is not stored any memory temporarily 
holding the response message is deleted immediately after the response 
message has been transmitted from the RT. 





Referring now to Figure 3, the format of a conventional SMS message 
and an extended SMS message according to one embodiment of the present 
invention is illustrated. 

The SMS message format according to the prior art (Fig. 3A) contains 
a header 201 and a text body 202. The header includes a field 206 identifying 
the SMS message type, a parameter 207 identifying the SMS service provider 
and parameters 208 and 209 identifying the originating and distribution 
address, respectively. The format typically allows for the transmission of a 
140 or 160 byte text body 202. 

Referring now to Fig. 3B, the format of the extended message is 
described. The extended message also contains the header 201 and text body 
202, and is thus fully compatible with the conventional type. However, the 
text body 202 includes an additional header 203 specific to the extended 
message format, which is incorporated into the conventional text body 202. 
The remaining capacity of text body 202 is available as text body 204 of the 
extended format. The text body 204 of the extended format is thus reduced in 
length compared to text body 202 of the conventional type. The extended 
format can be identified using the field 206 identifying the SMS message type 
of the conventional header 201. In case that the extended format cannot be 
identified in this manner, an additional header will be required to identify the 
message type to the terminals. 

Figure 3B further illustrated the individual fields 21 1 to 218 of the 
additional header 203 according to one embodiment. The first field of 8 bit 
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contains the messaging service type. The value in this field defines the. 
method used to encode the text body 204. Field 212 of 1 bit indicates whether 
the RU is required to take action prior to displaying the message text. Field 
213 determines the maximal number of re-tries which may be used to deliver 
5 the message to the RU. The 2 bit field allows up to 4 retries to be requested. 
In field 214 (1 bit) the user may request that a response is transmitted to the 
sender of the message before the message is displayed. If the response 
message cannot be delivered to the sender after a predetermined number of re- 
tries, the terminal does not display the original message to the sender. Field 
10 215 (1 bit) determines whether any possible response message is stored in the 
RT in a "sent messages" folder. 

If the response is not required to be stored, then the terminal will clear 
any memory holding the response immediately after the response message has 
been transmitted. Field 216 stores information about the software version 
15 such that the software versions of the software installed at the sender's and the 
receiving user's terminal can be compared. 1 byte is reserved for this field. 
Field 217 of 3 bits is reserved for future use. In field 218 the public key 
specific for this on-going transmission is transmitted in the message header 
203 from the sender to the RU. This public key was used for encryption of 
20 the text body of the transmitted message. The RT will extract the key and use 
it for decrypting the text body and may also use it for encryption of a 
response. 128 bits are reserved for field 218. However, fewer bits may be 
used for transmitting the public key. 
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The extended messaging method ensures that not only the terminals 
participating in a transaction or the transmission of information, but also the 
user of the terminals are known or identified. A central AS verifies the 
identity of each user of the extended messaging method service prior to 
5 offering access to it. Every user who wants to use the extended messaging 
method service needs to register with the AS. The AS is responsible for 
ensuring that the user is known to the AS and the AS verifies the identities of 
the users according to a pre-defined and published standard. The AS requires 
identification data from a registering user and stores the user data in a secure 
10 way. The identification data usually contain name, address, IMSI and a 
personal password or a personal identification number (PIN) chosen by the 
user or other suitable security data. The identification data may also contain 
security relevant data about any prior transactions of the user via the AS. 

At registration, the AS then generates a public/private key pair 
15 personal for each user. It stores the public key together with the user data in 
the secure data store and communicates the private key to the user. The 
private key may for example be communicated using the process of updating 
software as will be described below with reference to Fig. 5. 

Referring now to Figure 4, we will describe the process of transmitting 
20 an extended message from an originating user (OU) via an AS to a RU. 

In step 302 the OU contacts the AS and requests an extended message, 
for example by sending a conventional SMS message from the originating 
terminal (OT). The request is transmitted to the AS in step 304. The AS then 
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checks whether the OU is a registered user and verifies the user's identity 
(step 306). 

In step 308 the AS extracts the identification data stored for the OU 
such as the PIN and a private key specific for the OU. The AS generates a 
5 public key specific for the transmission of data for the requested extended 
message in step 309 and transmits the public key via a conventional SMS to 
the OU (step 310). The OT then automatically generates a message according 
to the pre-defined extended message format (step 311). The settings of fields 
211 to 217 can be pre-defined by the user or may be entered by the user 
10 specifically for the extended message to be transmitted. The OT requests the 
text to be transmitted and the IMSI number of the RU like in a conventional 
SMS message. In addition, the OT requests a PIN for authorising the user of 
the OT (step 312). 

The OU enters the requested data in step 314 and the OT encrypts the 
1 5 message text body and the PIN using the public key received in step 310 and a 
private key received on registration. The generated message does not include 
a public key, thus field 218 is empty. In step 318 the OT transmits the 
extended message to the AS. The AS extracts the PIN and the text body from 
the received extended message and decrypts the data (step 320) using its 
20 private key extracted in step 308 and the public key which the AS generated 
in step 309 and transmitted to the OU in step 310. In step 322, the AS 
compares the PIN received and decrypted in steps 318 and 320 to the PIN 
extracted from the secure user database in step 308. ( 
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If the PINs do not match in step 322, the AS may send a new message 
to the OU requesting a PIN for authorisation. The user may enter the PIN a 
second time, the OT encrypts the PIN and steps 318 to 322 are repeated. The 
process can be repeated until the correct PIN is entered, but the possible 

5 numbers of re-tries are predetermined by the AS. If the maximal number of 
re-tries is reached, the process is aborted (step 324). 

If the PINs in step 322 match, the process continues in step 326. The 
AS extracts the IMSI number of the RU from the message received in step 
318 and checks whether the RU is a registered user and verifies the RU ! s 

10 identity in step 326. The AS extracts RU related data from the database in 
step 328. These data include a public key specific to the RU and further 
include a PIN provided by the RU at registration. The data may also include 
preferred settings defined by the RU. 

In step 330 the AS generates a public/ private key pair specific to the 

15 ongoing communication with the RU. In step 332 the AS then encrypts the 
text body of the message received from the OU in step 318 using the public 
user specific key extracted in step 328 and the private transaction-specific key 
generated in step 330. In step 334 the AS then generates a message in the 
extended message format as described above and transmits the message to the 

20 mobile terminal of the RU. 

Data fields 211 to 217 of the extended SMS message are set according 
to predefined settings in the user data store or may be specified by the OU 
specifically for the message to be transmitted and according to the specific 
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security requirements of the information to be transmitted. The terminal 
receives the SMS message and identifies from the header 201 that the 
received message is a message of the extended format. 

The RT extracts and interprets the additional header 203 and extracts 
5 the transmitted public transaction key in step 336. If the field 212 of the 
additional header is set, then the RT requests a PIN number for identification 
of the user before the message is displayed to the user (step 340). After the 
RU enters his PIN number in step 342, the RT encrypts the PIN number in 
step 344 using the transmitted public key and its private key and transmits the 

1 0. PIN in a SMS message to the AS (step 346). 

In step 348 the AS decrypts the transmitted PIN using the public 
transaction key and its private key extracted in step 328. In step 350 the AS 
verifies the entered PIN by comparing it with the user specific PIN stored in 
the secure user data store to check whether the data match. If the data do not 

15 match, the AS may send a message to the RT requesting the correct PIN. The 
AS determines the possible number of re-tries before the process is aborted. If 
the PIN is successfully verified, the AS sends a confirmation message to the 
RT in step 352. The RT then extracts its private key and decrypts the text 
body 204 using the transmitted public transaction key and its private key in 

20 step 353. 

On receipt of this confirmation message the RT then displays the 
decrypted text message in step 354. The user can then read the text body of 
the message and might want to respond to the message. For responding, the 
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user needs to enter the response data in step 356 and to press a "send" key of 
the terminal. The RT then automatically generates a message according to the 
extended messaging method. The RT encrypts the response using its private 
key and the public transaction key transmitted in step 334. The fields 21 1 to 
5 217 are automatically set according to predefined values or the same values 
are used as in the SMS message of step 334. 

The RT transmits the response message to the AS in step 358. After 
receiving the encrypted user response, the AS decrypts the response text body 
using its private key and the public RU's key in step 360. Subsequently the 
10 AS transmits the response to the OU in analogy to steps 328 to 354. 

In the following additional steps of the process are described which 
will be performed if field 214 of the additional header 203 is set. The RT 
requests, encrypts and transmits the PIN as described above in steps 338 to 
346. The AS decrypts and verifies the PIN and decrypts the received message 
15 as described with reference to steps 348 to 353. However, the AS then 
generates a response message to the OU in order to further confirm the origin 
of the message. This response message transmitted from the AS to the OU 
requires an acknowledgement from the OT. 

If the AS cannot deliver the response message or does not receive an 
20 acknowledgement message acknowledging receipt of the response message at 
the OT, then the AS re-tries after a predetermined time interval to deliver the 
response message a predetermined number of times or until the AS receives 
an acknowledgement message from the OT. If the AS finally does not receive 
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an acknowledgement message,, then the AS .sends a message to the RT 
notifying the RT of the negative outcome of the response message. In this 
case the RT does not display the message to the RU, but notifies the user 
accordingly. 

If the AS receives an acknowledgement message from the OT, then 
the AS notifies the RT of the acknowledged response message together .with 
the message of step 352 and subsequently decrypts and displays message to 
the RU as described above with reference to steps 303 and 354. 

A further layer of security can be added if the PIN number itself forms 
part of the encryption algorithm. In this case the AS extracts the RU ? s PIN 
number in step 308 and encrypts the text data to be sent to the RU using the 
PIN, the public transaction key and the AS ! s private key. 

The message can only be decrypted and displayed after the user enters 
the correct PIN number. 

Referring now to Figure 5, the process of updating the software 
applications for the extended messaging method is described. 

As described above, field 216 of header 203 include information about 
the software version used for generating the message. When the RT interprets 
the data of header 203, the RT compares the software version stored on the 
RT to the version indicated in field 216. If the information does not match, 
the RT contacts the AS for a software update. The RT might process the 
transmitted message although a mismatch has been detected if the software 
versions are compatible. In case that they are not compatible, the RT will 
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reject the message. The AS will then delay re-transmission of the message 
until the RT has been provided with the updated software. 

For updating the software, the user contacts the AS via a predefined 
route in step 402, for example using a conventional SMS message. In step 
5 404, the AS verifies the user details. Subsequently, the AS sends the software 
update via a SMS message to the RT (step 406). The software version and 
also the service type are specified in the message. In step 408 the RT verifies 
that the software does indeed originate from the AS. This can for example be 
done by comparing the IMSI number the RT contacted in step 402 with the 

10 IMSI number from which the software update originated. If the source of the 
software update cannot be verified, the user is immediately alerted and the 
process is stopped. However, if the sender is successfully verified, the RT 
subsequently unpacks the software (step 410). In step 412 the RT displays a 
notification about the software update to the user and requests the user's 

15 conventional PIN for accessing the mobile terminal if such PIN identification 
is implemented. The RT checks whether a valid PIN has been entered (step 
414). If the PIN has not been entered or is incorrect, the RT allows for a 
predetermined number of retries. After a successful verification of the PIN, 
the RT sends a message to the AS acknowledging receipt of the software 

20 update (step 416). The RT then stores the software in its memory and updates 
the application software automatically in step 418. The RT notifies the user 
in step 420 that the software update is completed. 
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The extended messaging method is advantageous also for other 
applications where a secure and reliable transmission of data is required. 

In the following we describe an electronic commerce transaction using 
the extended messaging method with reference to Figure 2. In such a scenario 
5 a merchant or service provider has a server 101 with a connection to the 
Internet 103 over which he offers goods or services. A user accesses the 
merchant's server via the Internet 103. with a computer or a mobile terminal or 
another suitable device and selects and requests goods or services. The 
communications for settling the payment and for sending confirmations are. 
10 performed via the central AS 107. The merchant communicates with the AS 
via a secure channel and the AS communicates with the user using the 
extended messaging method via the mobile communications network using 
terminals 105. 

The individual steps of the process are illustrated in Figure 6. After 
15 the user has selected and required goods or services, the merchant contacts the 
AS via a predetermined secure channel and makes a request for authentication 
in step 502. The merchant also communicates the details of the purchase to 
the AS. The AS then verifies the merchant's identity in step 504. The AS 
extracts the consumer's name or IMSI from the data communicated by the 
20 merchant and verifies the consumer's identity in step 506. If the AS cannot 
identify either the merchant's or the consumer's identity, the process is 
aborted. 
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If both identities have been verified, the AS then generates a message 
(step 508) based on the information communicated in step 502. The message 
may for example contain details about the selected goods or services and/or 
details about the payment for the goods or services. The message is then 
5 generated, transmitted to the user and verified as described above with 
reference to Figure 4B in steps 326 to 354. The user may then enter response 
data to the secure message in step 512, such as details about the payment 
and/or confirmation to payment method. 

Again, an extended message is generated at the RT and transmitted to 

10 the AS (step 514). The AS decrypts the message in step 516. To further 
enhance the security, the AS may send a confirmation response to the 
merchant (step 518 and 522) via a predetermined secure communication 
channel. The merchant is then required to respond to this confirmation 
message (step 524). This ensures that a transaction can only be conducted if 

15 both legitimate parties have agreed to the transaction, i.e. after the merchant 
acknowledged the confirmation message. The AS then settles payment of the 
purchase in step 526. 

The extended messaging method may also be used for voting systems 
via a mobile communications network. Previously registered users or a 

20 regional or national selection of registered users are provided with a PIN 
which are created randomly at the AS. These numbers are subsequently sent 
to the users as an extended message message requiring an acknowledged 
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response as described above. After the AS received the acknowledgement 
message, it activates the PINs. 

On the election day, a further extended messaging method is sent to 
the registered users. This message contains a choice of candidates and 
5 requests the PIN as transmitted earlier. The user can then respond using an 
extended message response as described earlier in a secure way. Exactly one 
such message is sent per user and the PIN prevents unauthorised voting. 

Other possible applications for the extended messaging method 
include a secure method of accessing for example a computer system or 
10 building. The user requests an access code from the AS via the mobile 
communications network. The AS subsequently verifies the identity of the 
requesting user and transmits an access code in a secure message. An 
alternative PIN may be entered by the user to indicate that he is being coerced 
or is in distress, thus alerting relevant authorities without compromising the 
15 user's safety. 

Whilst in the above described embodiments SMS messages according 
to the GSM standard are described, it is appreciated that alternatively other 
messaging methods via mobile communications networks can be used. 

Whilst in the above described embodiments the extended messaging 
20 method is implemented in software applications running on the terminals of 
the mobile communications system, it is appreciated that alternatively the 
method can be implemented as a SIM Toolkit application. The SIM Toolkit or 
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SIM Application Toolkit extends the role of the SIM card and allows the SIM 
card to be programmed to carry out new functions. 

It is to be understood that the embodiments described above are 
preferred embodiments only. Namely, various features may be omitted, 
5 modified or substituted by equivalents without departing from the scope of the 
present invention, which is defined in the accompanying claims. 
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CLAIMS: 

1 . A mobile terminal adapted to 

receive a message via a mobile communications network; 
request authentication data from the user of said mobile terminal; and 
automatically generate an acknowledgment message to the sender of said 
message including said authentication data. 

2. An authentication system for transmitting information, said 
authentication system storing identification information of a plurality of 
providing users and a plurality of receiving users and being adapted to 

receive information from at least one of said providing users; 
authenticate said at least one providing user; 

authenticate a receiving user as the recipient of said information; and 
transmit a message based on said information via a mobile 
communications network to said one receiving user's mobile terminal. 

3. An authentication system according to claim 2, further being 
adapted to 

provide a public/private pair key valid only for a single 
communication between the authentication system and said receiving user; 

encrypt at least part of said message using said public/private key pair; 

and to 
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send said public key to said receiving user as part of said message. 

4. An authentication system according to claims 2 or 3, further 
being adapted to extract a public key specific to said receiving user from said 

5 stored identification information and to use said further public key for 
encryption of said at least part of said message. 

5. An authentication system according to claim 2, 3 or 4, further 
being adapted to receive an acknowledgement message or a response message 

1 0 from said receiving user. 

6. An authentication system according to claim 5, further being 
adapted to transmit a confirmation message to said one providing user based 
upon said acknowledgement or response message. 

15 

7. An authentication system according to claim 6, wherein said 
confirmation message requires an acknowledgement message from said one 
providing user and said authentication system further being adapted to send a 
confirmation message to said receiver user's terminal, notifying the terminal 

20 to decrypt and display the decrypted part of said message. 
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8. A method of transmitting a message via a mobile 
telecommunications network from a sender's terminal to a user's terminal, 
wherein the user is required to acknowledge receipt of said message in a 
predetermined way and an acknowledgement message is subsequently 
transmitted to the sender of said message. 

9. A method according to claim 8, wherein a user is required to 
authenticate himself by providing authentication data. 

10. A method according to claim 9, wherein said user's terminal 
automatically generates said acknowledgement message upon supply of said 
authentication data and/or response data. 

11. A method according to claim 9 or 10, wherein a central 
authentication system verifies the user's authentication. 

12. A method according to any of claims 8 to 11, wherein said 
message or a portion thereof is only displayed to the receiving user if the 
receiving user provides a valid authentication. 

13. A method according to any of claims 8 to 12, wherein said 
message is a SMS message according to the GSM standard. 
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14. A method according to any of claims 8 to 13, wherein at least a 
portion of the text message is encrypted by the sender's device before 
transmission and decrypted by the receiving terminal before display. 

5 15. A method according to claim 14, wherein the text message 

comprises a first portion including the body of said message and a second 
portion containing encryption data used for encryption of said body and 
required for decryption of said body. 

10 16. A method according to claim 15, wherein said second portion 

is unencrypted. 

17. A method according to claim 15 or 16, wherein authentication 
data provided by the receiving user and/or response data to said message are 

1 5 encrypted using said encryption data. 

18. A method according to claim 15, 16 or 17, wherein said 
encryption data are valid only for a single communication between the sender 
and the receiving user, said communication comprising said message and a 

20 response to said message. 



19. A method according to any of claims 15 to 18, wherein said 
encryption requires further encryption data stored in the sender's device. 
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20. A method according to any of claims 15 to 19, wherein said 
decryption requires further encryption data stored in the receiving terminal. 

5 2 L A method according to any of claims 8 to 20, wherein at least a 

portion of said message and/or response message to said message is. 
automatically deleted after a predetermined time period from said mobile 
terminal. 

10 22. A method according to any of claims 14 to 21, wherein 

authentication data are used for encryption and decryption of said portion of 
said message. 

23. A method according to any of claims 8 to 22, wherein 
15 conventional short message protocols and software applications running on 

the communications devices are used to implement the method. 

24. A method of transmitting . a text message via a mobile 
communications network, wherein 

20 a portion of said text message is encrypted using a private/public key 

pair, wherein said public key is valid only for a predetermined number of text 
messages; and 

wherein said public key is transmitted in said text message. 
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ABSTRACT: 

A mobile terminal adapted to receive a message via a mobile 
communications network; request authentication data from the user of said 
mobile terminal; and automatically generate an acknowledgment message to 
the sender of said message including said authentication data. 
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